DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

UK: ICO reveals four new undertakings following data breaches

Posted on March 1, 2012 by Dissent

From the ICO:

Durham University breached the Data Protection Act after disclosing personal information in training materials published on its website, the Information Commissioner’s Office (ICO) said today.

The personal data was contained in screenshots used to demonstrate the use of particular University systems and included details such as names, addresses and dates of birth of up to 177 former students and staff. The information – which had not been anonymised – was made available on the University’s website in February 2011. The University discovered the error in July 2011 and removed the material before reporting the matter to the ICO.

The university signed an undertaking to take corrective and preventive action.

While that was the only breach that seemed to merit its own press release, other undertakings were also disclosed today:

Community Integrated Care, a national social care charity signed an undertaking following the theft of an unencrypted laptop containing personal and sensitive personal data. The laptop, a router and printer were stolen in June 2011 from a locked ground floor office in the Newcastle area. The laptop contained personal data relating to 20 employees, as well as limited sensitive personal data relating to 20 young service users, including name, school and abbreviated details of their physical and mental disabilities.

The undertaking signed by London Borough of Croydon was also posted. Croydon had previously been fined £100,000 over the incident, which occurred when a social worker lost a bag in a pub. The bag  contained  papers concerning a child who is in the care of the Council. This incident was also subject to a monetary penalty which was announced earlier this month.

Dr Pervinder Sanghera of Arthur House Dental Care signed an undertaking following the discovery of an unencrypted memory stick containing personal and limited sensitive personal data relating to patients and employees of the practice.  The memory stick had been used as a backup when the practice’s existing backup failed, and had been taken home at times. There is no report that the practice knew the memory stick was missing (or even when it went missing) until someone sent the stick to the ICO’s office in July 2011.  The stick had been found in a public place.

So, seriously….. were there no breaches in the business sector that were reported or required undertakings?  With all of the hacks going on worldwide, were no entities in the U.K. hacked due to inadequate security that would require an undertaking?  Or is that a different agency’s responsibility?

 

Related posts:

  • Operation Anti Security Breakdown and targets, the full time line
  • UK: Five councils, a youth charity, and a healthcare provider sign undertakings following data breaches
  • A few ICO undertakings that flew under the radar
  • Pysa shuttered its leak site before it ever dumped data from more than half a dozen schools. Here’s what we know so far.
Category: Breach IncidentsEducation SectorExposureHealth DataLost or MissingNon-U.S.

Post navigation

← Redhack hits Ankara police website
UK: One member of staff sacked and another reprimanded after data breaches at Northampton General Hospital →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Texas Centers for Infectious Disease Associates Notifies Individuals of Data Breach in 2024
  • Battlefords Union Hospitals notifies patients of employee snooping in their records
  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data
  • Sacred Secrets: The Biblical Case for Privacy and Data Protection
  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.